I know a ton has been posted about SQL injection on these forums, but I wonder specifically if there was anything so dramatically different about the recent rash of injections?

The reason I ask is because our website developer is telling me that the site as written a year or so ago was secure again known SQL injection vulnerabilities at the time, but the recent version of attacks was able to slip past earlier efforts to secure the site. Sound reasonable or are they trying to cover their backsides?

It is funny that one of the article the web designer suggested I read in an effort to prove his case actually states that a properly coded site would not have been as vulnerable to the recent wave of attacks.

I have sort of come late to this topic, but don't jump on your developers just yet. There was a new attack just recently, and I am totally blanking on the details, or where I found it. The harder I think about it, the less likely I will be able to remember it too.

Let me stew on it for a while. I am pretty sure it had to do with a specific application though, like Invision Power Board.

I have sort of come late to this topic, but don't jump on your developers just yet. There was a new attack just recently, and I am totally blanking on the details, or where I found it. The harder I think about it, the less likely I will be able to remember it too.

Let me stew on it for a while. I am pretty sure it had to do with a specific application though, like Invision Power Board.

OK, I'll go easy on them for now.

What I have read so far suggests that the vulnerability exploited by the most recent attacks was the same as eariler SQL injection vulnerabilites, but that the statement was different.

Basically the developer knows that I'm no SQL or ASP wiz, and because of this I want to make sure they aren't trying to slither out of responsibility for any security issues that they may have overlooked.